Because Preview Apps are not fully developed, they are not officially supported by Sumo Logic Support, and documentation instructions are not final. To provide feedback, report a bug, or get help, log into the Sumo Logic Community, and post to the topic for your Preview App.

This page demonstrates how to configure log collection for the Duo Security App.

Log Types

The Duo Security App uses following logs. See Duo documentation for details of the log schema.

When you generate the Duo credentials, you should do it for the Admin API application.

Step 1. Create Hosted Collector and HTTP Source

Create an HTTP Logs and Metrics Source on the Collector you created in the previous step.
When you have configured the HTTP Source, Sumo will display the URL of the HTTP endpoint. Make a note of the URL. You will use it when you configure the Lambda Function to send data to Sumo.

The Duo Admin API allows you to integrate your application with Duo Security’s platform at a low level. The API has methods for creating, retrieving, updating, and deleting the core objects in Duo’s system for seamless integrations.

The Function code directory structure should look like this, make sure there isn't an extra folder between the root folder duo_test2 and the duo_client folder. The lambda_function.py file needs to be directly under the root folder.

Step 4. Define Environment Variables for Lambda Function

Define the following environment variables on the AWS Lambda Function page: